<!DOCTYPE html>
<html lang="en">
  <head>
    <meta charset="UTF-8" />
    <meta name="viewport" content="width=device-width, initial-scale=1.0" />
    <title>Intro</title>
    <link rel="stylesheet" href="../index.css" />
    <link rel="stylesheet" href="./doc.css" />
  </head>
  <body class="dark">
    <h1>Intro</h1>
    <ul>
      <li><a href="./javascript.html">Javascript</a></li>
      <li><a href="./css.html">CSS</a></li>
      <li><a href="./html.html">HTML</a></li>
      <li><a href="./nodejs.html">Nodejs</a></li>
    </ul>
    <blockquote>
      The Web Developer Guide provides useful how-to content to help you actually use Web
      technologies (js/css/html/nodejs...) to do what you want or need to do.
    </blockquote>
    <blockquote>
      When HTML is used to create interactive sites, care needs to be taken to avoid introducing
      vulnerabilities through which attackers can compromise the integrity of the site itself or of
      the site's users.
    </blockquote>
    <blockquote>
      A comprehensive study of this matter is beyond the scope of this document, and authors are
      strongly encouraged to study the matter in more detail. However, this section attempts to
      provide a quick introduction to some common pitfalls in HTML application development.
    </blockquote>
    <blockquote>
      The security model of the web is based on the concept of "origins", and correspondingly many
      of the potential attacks on the web involve cross-origin actions.
    </blockquote>
    <blockquote>
      When accepting untrusted input, e.g. user-generated content such as text comments, values in
      URL parameters, messages from third-party sites, etc, it is imperative that the data be
      validated before use, and properly escaped when displayed. Failing to do this can allow a
      hostile user to perform a variety of attacks, ranging from the potentially benign, such as
      providing bogus user information like a negative age, to the serious, such as running scripts
      every time a user looks at a page that includes the information, potentially propagating the
      attack in the process, to the catastrophic, such as deleting all data in the server.
    </blockquote>
    <script type="module" src="./doc.js"></script>
  </body>
</html>
